auth/credentials/tests/bind.py

   1 #!/usr/bin/env python
   2 # -*- coding: utf-8 -*-
   3 # This is unit with tests for LDAP access checks
   4
   5 import optparse
   6 import sys
   7 import base64
   8 import re
   9 import os
  10 import copy
  11 import time
  12
  13 sys.path.insert(0, "bin/python")
  14 import samba
  15 samba.ensure_external_module("testtools", "testtools")
  16 samba.ensure_external_module("subunit", "subunit/python")
  17
  18 import samba.getopt as options
  19
  20 from ldb import SCOPE_BASE, SCOPE_SUBTREE
  21
  22 from samba import gensec
  23 import samba.tests, unittest
  24 from samba.tests import delete_force
  25 from subunit.run import SubunitTestRunner
  26
  27 parser = optparse.OptionParser("ldap [options] <host>")
  28 sambaopts = options.SambaOptions(parser)
  29 parser.add_option_group(sambaopts)
  30
  31 # use command line creds if available
  32 credopts = options.CredentialsOptions(parser)
  33 parser.add_option_group(credopts)
  34 opts, args = parser.parse_args()
  35
  36 if len(args) < 1:
  37     parser.print_usage()
  38     sys.exit(1)
  39
  40 host = args[0]
  41 lp = sambaopts.get_loadparm()
  42 creds = credopts.get_credentials(lp)
  43 creds.set_gensec_features(creds.get_gensec_features() | gensec.FEATURE_SEAL)
  44 creds_machine = copy.deepcopy(creds)
  45 creds_user1 = copy.deepcopy(creds)
  46 creds_user2 = copy.deepcopy(creds)
  47 creds_user3 = copy.deepcopy(creds)
  48
  49 class BindTests(samba.tests.TestCase):
  50
  51     info_dc = None
  52
  53     def setUp(self):
  54         super(BindTests, self).setUp()
  55         # fetch rootDSEs
  56         if self.info_dc is None:
  57             res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
  58             self.assertEquals(len(res), 1)
  59             BindTests.info_dc = res[0]
  60         # cache some of RootDSE props
  61         self.schema_dn = self.info_dc["schemaNamingContext"][0]
  62         self.domain_dn = self.info_dc["defaultNamingContext"][0]
  63         self.config_dn = self.info_dc["configurationNamingContext"][0]
  64         self.computer_dn = "CN=centos53,CN=Computers,%s" % self.domain_dn
  65         self.password = "P@ssw0rd"
  66         self.username = "BindTestUser_" + time.strftime("%s", time.gmtime())
  67
  68     def tearDown(self):
  69         super(BindTests, self).tearDown()
  70
  71     def test_computer_account_bind(self):
  72         # create a computer acocount for the test
  73         delete_force(ldb, self.computer_dn)
  74         ldb.add_ldif("""
  75 dn: """ + self.computer_dn + """
  76 cn: CENTOS53
  77 displayName: CENTOS53$
  78 name: CENTOS53
  79 sAMAccountName: CENTOS53$
  80 countryCode: 0
  81 objectClass: computer
  82 objectClass: organizationalPerson
  83 objectClass: person
  84 objectClass: top
  85 objectClass: user
  86 codePage: 0
  87 userAccountControl: 4096
  88 dNSHostName: centos53.alabala.test
  89 operatingSystemVersion: 5.2 (3790)
  90 operatingSystem: Windows Server 2003
  91 """)
  92         ldb.modify_ldif("""
  93 dn: """ + self.computer_dn + """
  94 changetype: modify
  95 replace: unicodePwd
  96 unicodePwd:: """ + base64.b64encode("\"P@ssw0rd\"".encode('utf-16-le')) + """
  97 """)
  98
  99         # do a simple bind and search with the machine account
 100         creds_machine.set_bind_dn(self.computer_dn)
 101         creds_machine.set_password(self.password)
 102         print "BindTest with: " + creds_machine.get_bind_dn()
 103         ldb_machine = samba.tests.connect_samdb(host, credentials=creds_machine,
 104                                                 lp=lp, ldap_only=True)
 105         res = ldb_machine.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
 106
 107     def test_user_account_bind(self):
 108         # create user
 109         ldb.newuser(username=self.username, password=self.password)
 110         ldb_res = ldb.search(base=self.domain_dn,
 111                                       scope=SCOPE_SUBTREE,
 112                                       expression="(samAccountName=%s)" % self.username)
 113         self.assertEquals(len(ldb_res), 1)
 114         user_dn = ldb_res[0]["dn"]
 115
 116         # do a simple bind and search with the user account in format user@realm
 117         creds_user1.set_bind_dn(self.username + "@" + creds.get_realm())
 118         creds_user1.set_password(self.password)
 119         print "BindTest with: " + creds_user1.get_bind_dn()
 120         ldb_user1 = samba.tests.connect_samdb(host, credentials=creds_user1,
 121                                               lp=lp, ldap_only=True)
 122         res = ldb_user1.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
 123
 124         # do a simple bind and search with the user account in format domain\user
 125         creds_user2.set_bind_dn(creds.get_domain() + "\\" + self.username)
 126         creds_user2.set_password(self.password)
 127         print "BindTest with: " + creds_user2.get_bind_dn()
 128         ldb_user2 = samba.tests.connect_samdb(host, credentials=creds_user2,
 129                                               lp=lp, ldap_only=True)
 130         res = ldb_user2.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
 131
 132         # do a simple bind and search with the user account DN
 133         creds_user3.set_bind_dn(str(user_dn))
 134         creds_user3.set_password(self.password)
 135         print "BindTest with: " + creds_user3.get_bind_dn()
 136         ldb_user3 = samba.tests.connect_samdb(host, credentials=creds_user3,
 137                                               lp=lp, ldap_only=True)
 138         res = ldb_user3.search(base="", expression="", scope=SCOPE_BASE, attrs=["*"])
 139
 140
 141 ldb = samba.tests.connect_samdb(host, credentials=creds, lp=lp, ldap_only=True)
 142
 143 runner = SubunitTestRunner()
 144 rc = 0
 145 if not runner.run(unittest.makeSuite(BindTests)).wasSuccessful():
 146     rc = 1
 147
 148 sys.exit(rc)